Introducing Win11 GPOs to production
Posted by Fluffy-Ad-6943@reddit | sysadmin | View on Reddit | 5 comments
Currently testing Windows 11 with a view to introducing to Windows 10 environment, have updated the ADMX\ADML templates to 23H2 etc just wondering about best way to introduce Windows 11 only GPOs best practices etc
I am thinking of creating an OU on root, and blocking inheritance on the OU for other GPO's. Also looking to test the effect of existing OU's, creating an OU under the same OU as the other desktops/laptops that are domain joined and not blocking inheritance. Looking to check in with case studies best practice on this in environments that are mixed Windows 11 and Windows 10 or even Windows 11 to see whats been used, have tried looking online seeing very little in relation to it, just to add not in an Intune environment, I know that changes things advice appreciated
CulinaryComputerWiz@reddit
+1 for WMI filters
select * from Win32_OperatingSystem where ((Caption like "%Windows 11%") and (ProductType="1"))And also check your Link Order to apply the new GPOs last. That way the new GPOs will only apply to Windows 11 computers and will overwrite any conflicting settings in your existing GPOs in that OU.
Brev-ity@reddit
You'd like to think that Win11 only items would do nothing if applied to a Win10 machine. However, that's a risky assumption given the Microsoft of today.
zed0K@reddit
WMI filter as others have said, but if you're going Intune in the future, your idea of blocking inheritance on a new machine OU is what we're doing. Just note of course your user policies will still apply doing it this way.
nordak@reddit
You could use a WMI Filter to apply any given GPO to only Windows 11 PCs, and/or create Windows 11 test OUs.
fireandbass@reddit
WMI filter for Windows 11 applied to the GPO